Solved

Impersonate Username

Posted on 2004-09-07
Last Modified: 2012-05-05
Hi all,

First of all thank you Experts Exchange, I can always count on this site for an answer to my problems.

My problem is that I have a program that accesses a folder on a Linux running Samba.  I want to pass the username and password of a network user via VB6 code so that only the program has access to the Samba share.  I do not want individual users to have access to these shares.  I have searched the net and have only come up with a DLL called SFImpersonator but not sure how to incorporate this into my code.

Thanks in advance
Question by:m0nsterz

Author Comment

by:m0nsterz
ID: 12024220
This is really urgent so I have doubled the points.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12148263
I don't know anything about Linux or Samba.  If you can explain to me how a VB program connects to a share on Linux/Samba, then I might be able to help you figure out how to do this.
0
 

Author Comment

by:m0nsterz
ID: 12157924
Hi BlueDevilFan

Maybe I should rephrase my question.  I think that if I was accessing a share on a Windows 2000 server the code would be exactly the same.  Basically what I have is a database running on a server (whether it be Linux or Windows 2000 makes little difference, as Samba makes Windows think that the Linux server is a Windows server) and the front end program is running on a user's computer.  I want the program to access the database but I don't want to explicitly give the user permission to access the database.  It is almost like having an Application account on SQL server, except this has an Access database instead.  So I want the program when it runs to change the user name and password that it passes to the server to one that has permissions to access the database and when the program closes it changes the user name back to what it was before and the user will be none the wiser.

I hope this explains things a little better.
0
LVL 76

Accepted Solution

by:
David Lee earned 500 total points
ID: 12158503
If the process is the same as mapping a local drive, then this should do it.

    Dim objWSHNet As New WshNetwork, _
        strDrive As String, _
        strRemotePath As String, _
        strUsername As String, _
        strPassword As String
    'Use whatever free drive letter you choose
    strDrive = "Z:"
    'The path to the share on the Linux/Samba server
    strRemotePath = "\\Server\Share"
    'The username of the account you want to use
    strUsername = "UserName"
    'The password for the account you are using
    strPassword = "Password"
    'Map the drive
    objWSHNet.MapNetworkDrive strDrive, strRemotePath, , strUsername, strPassword
    'When you're all done this will remove the drive connection.
    objWSHNet.RemoveNetworkDrive strDrive, True
    'Always destroy objects to reduce memory leaks
    Set objWSHNet = Nothing
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12158507
Oh, and don't forget to add a reference to Windows Script Host Object Model to your program.
0
 

Author Comment

by:m0nsterz
ID: 12158602
I will give this a try and let you know later on today.  Thanks for the quick response
0
 

Author Comment

by:m0nsterz
ID: 12224156
Hi BlueDevilFan

Sorry for the delay in the reply but I had to go out of the office for a few days.  I have tried your code manually and it works fine, but is there any way of doing this without mapping a drive?  If the drive is mapped when the program is open then anyone can get onto the server.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12225648
No problem on the delay.  What you want is for the program to be able to access the share but not the user.  That's a little more complicated.  The only way I can think of off the top of my head is to use the programming equivalent of the Runas command.  Runas allows for a program to be run in a different security context (i.e. under a different account).  It's great for an administrator who may need to run a program under his/her admin account at a user's workstation, saving the need to log the user off and log on as themself.  The same capability can be written into a program.  What it'll mean though is that you'll need two programs.  The first program will be the one the user launches.  It'll be very small and simple since all it'll do is spawn the second program.  But, it'll spawn the second program under a different account, an account that'll have access to the share, which in turn gives the second program access to the share.  Since the program is running in a different security context from that of the user, the program will enjoy access to the share while the user running it will not.  The real issue becomes one of how to store the password for the account the program will use.  If you embed it in the program, then a password change means you have to recompile the program with the new password and issue a new executable to all users of the program.  The alternative to that is to read the password from a file.  Of course if you store the password as clear-text, then anyone who can find the file and knows the account it goes with now has access to the share.  Naturally you can encrypt the password and then write it into a file.  That improves security but the password is still out there and most security types usually get nervous about that sort of thing.

Another approach would be to go client-server.  The server would sit on the machine where the share is and the client would talk to it.  This simplifies the authentication problem, but, depending on what you want to accomplish, coding the server could be a more significant issue.  Or, you could write a service that'd run on the client computer.  This would work just like client-server would only both components would be on the local computer rather than one on the client and the other on the computer where the share is.  Let me know which approach you'd like to take and I'll do what I can to help you with it.
0
 

Author Comment

by:m0nsterz
ID: 12226039
I like the Runas, but would this work on a Windows 98 machine, as this is the OS that the program is running on?  Is it not possible to hide the mapped drive coz if so this would work for me.
Could you elaborate on how the service would work with the authentication on the server?

Thanks for the time you are spending to help me out, much appreciated.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12226275
To the best of my knowledge Runas is an NT/2000/XP/2003 concept.  There's nothing I know of like it in Win98, so Runas is out of the picture.  Is it possible to hide the mapped drive?  I was thinking about that when I wrote my earlier post.  There are various utilities that allow you to hide a drive letter, but I don't know of a way to do it from a program.  Let me think about it and see if I can come up with anything.  

If this needs to run from Win98, then a service isn't the answer.  I'll answer your question though in another post.  Sorry, but I have to run right now.

You're welcome.  Glad to help out.
0
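The thread asks for share access without a visible mapped drive. The following is an added example, not code from any poster: it calls the Win32 `WNetAddConnection2` API with no local device name, so the connection has no drive letter. It assumes an NT-family client; whether Windows 98 honours the explicit user name argument is not confirmed here.

```vb
' Added example, not code from the thread. Server, share and account values
' are the accepted answer's placeholders; app.mdb is a hypothetical file name.
Option Explicit

Private Type NETRESOURCE
    dwScope As Long
    dwType As Long
    dwDisplayType As Long
    dwUsage As Long
    lpLocalName As String
    lpRemoteName As String
    lpComment As String
    lpProvider As String
End Type

Private Const RESOURCETYPE_DISK As Long = &H1

Private Declare Function WNetAddConnection2 Lib "mpr.dll" _
    Alias "WNetAddConnection2A" (lpNetResource As NETRESOURCE, _
    ByVal lpPassword As String, ByVal lpUserName As String, ByVal dwFlags As Long) As Long
Private Declare Function WNetCancelConnection2 Lib "mpr.dll" _
    Alias "WNetCancelConnection2A" (ByVal lpName As String, ByVal dwFlags As Long, ByVal fForce As Long) As Long

' Connects to the UNC path without assigning a drive letter.
' Returns the Win32 error code (0 = success).
Public Function OpenShare(ByVal strRemotePath As String, _
        ByVal strUsername As String, ByVal strPassword As String) As Long
    Dim nr As NETRESOURCE
    nr.dwType = RESOURCETYPE_DISK
    nr.lpLocalName = vbNullString      ' no local device, so no drive letter in Explorer
    nr.lpRemoteName = strRemotePath
    ' dwFlags = 0: do not remember the connection in the user's profile
    OpenShare = WNetAddConnection2(nr, strPassword, strUsername, 0)
End Function

' Drops the connection; call it from Form_Unload and from error handlers too.
Public Function CloseShare(ByVal strRemotePath As String) As Long
    CloseShare = WNetCancelConnection2(strRemotePath, 0, 1)   ' fForce = TRUE
End Function

Public Sub Main()
    Dim rc As Long
    rc = OpenShare("\\Server\Share", "UserName", "Password")
    If rc <> 0 Then
        MsgBox "Connect failed, Win32 error " & rc
        Exit Sub
    End If
    ' ... open the database by UNC path, e.g. \\Server\Share\app.mdb ...
    CloseShare "\\Server\Share"
End Sub
```

This hides the drive letter, not the access: while the connection is open it belongs to the user's logon session, so anything else the user runs can reach `\\Server\Share` by its UNC path. The password is also still embedded in the client, which is the storage problem described in the Runas comment above.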
